
I'm using a combination of ip6tables and nginx to process http requests from clients. The nginx server listens on port 8081 and must forward a request after examining the header.

Clients can send two types of requests:

  1. GET/POST with no headers. These should be re-directed to https://jaguar.mydomain.com
  2. GET/POST with specific header elb-jaguar.mydomain.com. These should be redirected to https://elb-jaguar.mydomain.com

When run as `nginx -c /home/build/v6-only.conf`, nginx fails because one `server{}` directive already has listen on port 8081:

```
nginx: [emerg] duplicate listen options for [::]:8081 in /etc/nginx/v6/v6-only.conf:13
```

My config is as below:

```nginx
server {
    listen [::]:8081 ssl ipv6only=on;
    server_name elb-jaguar.mydomain.com;
    ssl_certificate /etc/ssl/elb.crt;
    ssl_certificate_key /etc/ssl/elb.key;

    location / {
        proxy_pass https://elb-jaguar.mydomain.com:443;
    }
}

server {
    listen [::]:8081 ssl ipv6only=on;
    ssl_certificate /etc/ssl/regular.crt;
    ssl_certificate_key /etc/ssl/regular.key;
    server_name jaguar.mydomain.com;

    location / {
        proxy_pass https://jaguar.mydomain.com:443;
    }
}
```

How can I fix the above config to get the desired forwarding with proxy_pass?

1 Answer

Difficult to see because that setup should work.

But looking closer at the NGINX docs and your need for IPv6 only, it says (my emphasis):

ipv6only=on|off

this parameter (0.7.42) determines (via the IPV6_V6ONLY socket option) whether an IPv6 socket listening on a wildcard address [::] will accept only IPv6 connections or both IPv6 and IPv4 connections. This parameter is turned on by default. It can only be set once on start.

Because the error message complains of 'duplicate listen options', not 'already listening on that port' or similar, it suggests it is complaining about trying to set ipv6only a second time (even to the same value).

Also, it does say This parameter is turned on by default, so you could easily just remove it altogether, if only to try it.


1 Comment

Another loosely related thought: You only need separate server blocks because you have different SSL certs for the subdomains. If there was an option to use a wildcard cert, you could cover both (and more) with the one cert and therefore have a single server block for both domains (then proxy_pass https://$host:443$request_uri;)
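
The fix the answer describes, written out as an added example (not code from the original post or from the nginx project): `ipv6only=on` appears on one `listen` directive only. The `default_server` parameter is an addition, assumed from the question's requirement that requests without the header go to jaguar; hostnames and certificate paths are the question's.

```nginx
# Added example; place inside the http {} context of the config file.

server {
    # Socket-level listen parameters (ipv6only, backlog, ...) may be given
    # only once per address:port pair, so ipv6only=on is stated here and
    # nowhere else. default_server (assumption, see lead-in) makes this
    # block handle requests whose Host header matches no server_name;
    # without it, the first block listed for [::]:8081 is the default.
    listen [::]:8081 ssl ipv6only=on default_server;
    server_name jaguar.mydomain.com;
    ssl_certificate /etc/ssl/regular.crt;
    ssl_certificate_key /etc/ssl/regular.key;

    location / {
        proxy_pass https://jaguar.mydomain.com:443;
    }
}

server {
    # Same address:port as above: no socket-level parameters repeated.
    # The socket is already IPv6-only because of the first listen line.
    listen [::]:8081 ssl;
    server_name elb-jaguar.mydomain.com;
    ssl_certificate /etc/ssl/elb.crt;
    ssl_certificate_key /etc/ssl/elb.key;

    location / {
        proxy_pass https://elb-jaguar.mydomain.com:443;
    }
}
```

Running `nginx -t -c /home/build/v6-only.conf` checks the file for this class of error before the server is started.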
